.htaccess 301 Redirects for IP Ranges


I'm sure that at some point you've come across an annoying bot or individual who thinks it's a good idea to spam your blog or contact form with a load of nasty links or blocks of complete gibberish. They can be relentless and really start to get annoying, so I searched for a method that, once you have obtained their IP address, redirects them to another website altogether. The method is to use the .htaccess file in the root of a website's directory to redirect the offender's IP address to a new location.

An .htaccess file is the default directory configuration file used on Apache servers and can be used to rewrite URLs, to authenticate usernames and passwords, or to serve customised error responses (404 error pages etc.). It can be created quite simply using any editor such as Notepad and is, unusually, saved without a filename and with only the extension .htaccess.

What will I need to do this?

  • Your hosting needs to support PHP
  • Your hosting needs to be on an Apache Server - preferably Linux based - IIS will not support .htaccess files.
  • You need to check with your host that .htaccess files are allowed to be used. This should be fine in most cases.

Getting their IP address

The first step is to get their IP address. On your blog this shouldn't be a problem, as you normally get their IP address when they post a comment or reply to one of your blog posts. For the forms on your website, those that use PHP can quite simply add one line of code to their form-to-e-mail script.

Create a hidden field and set the value to:

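value="<?php
// $_SERVER holds the request data; REMOTE_HOST and REMOTE_USER are often unset, so default to ''
// htmlentities() with ENT_QUOTES stops the client-supplied User-Agent breaking out of the attribute
echo htmlentities(
    ($_SERVER['REMOTE_HOST'] ?? '')
    . ' ' . ($_SERVER['HTTP_USER_AGENT'] ?? '')
    . ' ' . ($_SERVER['REMOTE_ADDR'] ?? '')
    . ' ' . ($_SERVER['REMOTE_USER'] ?? ''),
    ENT_QUOTES
);
?>"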

Then when the form is posted with that hidden field included you will get the operating system, browser info and IP address of the user. Now if you look at all the e-mails coming in from the forms you can monitor whether it's the same IP address that's using your form. If you're lucky and it is all from the same address, you just need to redirect that one address using the .htaccess file. If the fourth block of numbers is different each time but the rest are the same, they are still within the same IP address range and you need to redirect the range of IPs. If the address is different each time but it looks like the same offender, they are probably using an Internet Proxy Server. The next step is to look up the addresses so you can get more clues about the offender.
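The three cases above (one address, one range, or a different address each time) can be worked out mechanically from the collected e-mails. This is an added example, not code from the original article; the `ip=` / `ua=` line layout and the sample lines are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample lines, as they might be pasted from form e-mails.
# The "ip=" / "ua=" layout is an assumption, not the article's format.
SAMPLE = [
    "ip=22.22.22.239 ua=Mozilla/5.0 Chrome/120.0.0.0",
    "ip=22.22.22.17 ua=Mozilla/5.0 Chrome/120.0.0.0",
    "ip=22.22.22.104 ua=Mozilla/5.0 Chrome/120.0.0.0",
    "ip=not-an-address ua=curl/8.0",
]

# Read only the labelled field: a bare dotted-quad search would also pick up
# version strings such as "120.0.0.0" from the User-Agent.
IP_FIELD = re.compile(r"\bip=(\S+)")


def extract_ips(lines):
    """Return the valid IPv4 addresses found in the ip= field of each line."""
    found = []
    for line in lines:
        m = IP_FIELD.search(line)
        if not m:
            continue
        try:
            found.append(ipaddress.IPv4Address(m.group(1)))
        except ipaddress.AddressValueError:
            pass  # malformed value: skip rather than guess
    return found


def classify(ips):
    """Map the observed addresses to the article's three cases."""
    unique = set(ips)
    if not unique:
        return ("none", [])
    if len(unique) == 1:
        return ("single", [str(next(iter(unique)))])
    # Same first three blocks means the same /24 network.
    nets = {ipaddress.ip_network(f"{ip}/24", strict=False) for ip in unique}
    if len(nets) == 1:
        return ("range", [str(next(iter(nets)))])
    # Different networks each time: likely proxies, so no single rule fits.
    return ("scattered", sorted(str(n) for n in nets))


if __name__ == "__main__":
    print(classify(extract_ips(SAMPLE)))
```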

For security add input filtering to the PHP code!

Make sure to wrap htmlentities() around each form variable.

Filtering must be done knowing what the destination of the data is. The destination in this case is an HTML page and hence htmlentities() is the most appropriate filter. If it were to be inserted into a database later, you would need to do some extra filtering such as addslashes() or mysql_real_escape_string() just before it went into the database. If you plan on sending it in an e-mail, make sure you do some filtering appropriate for e-mail, such as validating the To: and From: addresses with a regex and running htmlentities(), because most mail clients also have HTML engines built in.

Also, don't forget to check your webserver logs to see if the spammer has gone away or changed source. I've seen spammers persistently hitting the same site for months on end, changing their IP address every month or two. If a legitimate user were on the same ISP and got the same IP address after the spammer was finished with it, you could be sending real users away when you want to keep them.

Using WhoIs to Lookup IP address

You can look up an IP address or URL using a whois lookup, which will give you information about its owner. This does not mean that the offender will be the one displayed on the record; in most cases it is in fact the user's Internet Provider. This is handy: if the offending IPs point towards the same Internet Provider but the addresses are different each time, keep all the e-mails as evidence and write an e-mail or letter to the provider detailing the offender and the spam. They should then deal with it on your behalf.

Otherwise it's quicker to make the .htaccess file and redirect them from your website. This can be more fun too as you can redirect them anywhere you want! It depends on how cruel you want to be!

How to redirect using .htaccess from a specific page

To block the offender from visiting a specific page (maybe the one with the form on), use this code. This method will still allow them to access the rest of the website. Change the IP address to suit your offender, and set the page you want to redirect them from and the destination URL. Save it as .htaccess and put it in the root of your website.

Using a single IP address:

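# permanently redirect specific IP request for single page
RewriteEngine On
RewriteBase /
# REMOTE_ADDR is the client IP (REMOTE_HOST can be a resolved hostname); ^ and $ stop partial matches such as 122.22.22.239
RewriteCond %{REMOTE_ADDR} ^22\.22\.22\.239$
RewriteCond %{REQUEST_URI} page-with-form-on\.php$
RewriteRule .* http://www.destinationwebsite.com/ [R=301,L]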

Using an IP range:

# permanently redirect ranged IP request for single page
RewriteEngine On
RewriteBase /
# ^ and the trailing \. limit the match to 22.22.22.0 - 22.22.22.255 (not 122.22.22.x or 22.22.221.x)
RewriteCond %{REMOTE_ADDR} ^22\.22\.22\.
RewriteCond %{REQUEST_URI} page-with-form-on\.php$
RewriteRule .* http://www.destinationwebsite.com/ [R=301,L]

How to redirect using .htaccess from an entire website

To block the offender from accessing your website at all, use the following in your .htaccess. Change the IP address to suit your offender and set the destination URL. Save it as .htaccess and put it in the root of your website. Also change the \.php to \.html if your website's pages use the .html extension rather than .php.

Using a single IP address:

# permanently redirect specific IP request for entire site
Options +FollowSymlinks
RewriteEngine on
# match the client IP exactly; REMOTE_HOST can be a resolved hostname instead of the address
RewriteCond %{REMOTE_ADDR} ^22\.22\.22\.239$
RewriteRule \.php$ http://www.destinationwebsite.com/ [R=301,L]

Using an IP range:

# permanently redirect ranged IP request for entire site
Options +FollowSymlinks
RewriteEngine on
# anchored prefix: only addresses 22.22.22.0 - 22.22.22.255 match
RewriteCond %{REMOTE_ADDR} ^22\.22\.22\.
RewriteRule \.php$ http://www.destinationwebsite.com/ [R=301,L]
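A RewriteCond pattern is a regular expression searched anywhere in the address text, so a range rule can catch visitors outside the intended range. The following added example (not from the original article) builds an anchored pattern from an octet-aligned CIDR block and lists which constructed test addresses a given pattern would wrongly match; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed test addresses: two inside 22.22.22.0/24, four outside it.
ADDRESSES = ["22.22.22.239", "22.22.22.7", "122.22.22.9",
             "10.22.22.22", "22.22.221.4", "22.22.23.1"]


def cidr_to_rewrite_pattern(cidr):
    """Anchored regex for a RewriteCond on the client IP (octet-aligned IPv4 only)."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    if net.prefixlen not in (8, 16, 24, 32):
        raise ValueError("only /8, /16, /24 and /32 map to a simple prefix regex")
    keep = net.prefixlen // 8
    body = r"\.".join(str(net.network_address).split(".")[:keep])
    # A full address is anchored at both ends; a prefix ends on an escaped dot.
    return f"^{body}$" if keep == 4 else f"^{body}\\."


def matched(pattern, addresses):
    """Addresses the pattern hits when searched unanchored, as mod_rewrite does."""
    rx = re.compile(pattern)
    return [a for a in addresses if rx.search(a)]


def false_matches(pattern, cidr, addresses):
    """Addresses the pattern redirects although they lie outside the CIDR block."""
    net = ipaddress.IPv4Network(cidr)
    return [a for a in matched(pattern, addresses)
            if ipaddress.IPv4Address(a) not in net]


if __name__ == "__main__":
    loose = r"22\.22\.22"
    tight = cidr_to_rewrite_pattern("22.22.22.0/24")
    print(loose, "->", false_matches(loose, "22.22.22.0/24", ADDRESSES))
    print(tight, "->", false_matches(tight, "22.22.22.0/24", ADDRESSES))
```

Run it against addresses taken from your own logs before deploying a range rule, so real visitors are not sent away by a pattern that is too broad.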